New Research Reports Reveal Disturbing DDoS Statistics

Distributed denial-of-service (DDoS) attacks are more powerful, harder to prevent and costlier to deal with than ever before.

And if you need any proof, take a look at two major, recently released research studies.

According to the 2017 Data Breach Investigations Report from Verizon, enterprises experienced 11,246 DDoS incidents last year. Virtually all (98%) of the attacks were aimed at large organizations. Most of the incidents lasted a couple of days or less — more than enough time to bring down a website and render important systems useless.

The May 2017 Worldwide DDoS Attacks and Cyber Insights Research Report from information services firm Neustar gets into more detail. Neustar and Harris Interactive conducted global, independent research of directors, managers, CISOs, CSOs, CTOs and other c-suite executives. Respondents came from various industries, including financial services, technology, healthcare, retail and energy. Annual revenues of about half of these enterprises ranged from $500 million to $1 billion.

Of the 1,010 organizations surveyed, 849 had experienced a DDoS attack within the past year; 86 percent of those companies had been hit more than once. Furthermore:

  • 45 percent of DDoS attacks were more than 10 gigabits per second
  • 15 percent of attacks were at least 50 Gbps
  • 43 percent of organizations lost an average of $250,000 per hour
  • 51 percent needed three hours or more to detect an attack
  • 40 percent needed at least three hours to respond once an attack was discovered

What makes these numbers especially disturbing is that virtually all of the organizations surveyed (99 percent) were using some type of DDoS protection.

The Mirai Factor

Until recently, DDoS attacks rarely grabbed headlines the way cyber-espionage forays do. However, the Internet of Things (IoT) has changed all that. It's empowered DDoS attackers in unimaginable ways. the best example is Mirai malware.

Mirai, the Japanese word for "the future," infects IoT devices like cameras and servers, turning them into bots to be employed in DDoS attacks. Hackers can conduct large-scale DDoS attacks on services from hundreds or thousands of devices unattributable to the attacker.

Mirai botnets have done considerable damage since they were first discovered on Olympic websites last August. In September, they executed a record 620 Gbps attack on the cybersecurity blog KrebsOnSecurity, taking it offline. In October, the target was Internet infrastructure firm Dyn. That resulted in taking down many of the most-used web services, including Twitter, Reddit, Netflix and Spotify websites. Since then, other Mirai victims have included nearly a million Internet users in Germany and the entire country of Liberia.

"The Mirai botnet attacks were a wake-up call," said Deborah Clark-McGinn, senior director or product marketing at Neustar. "What most organizations have in place is not enough, especially in the face of new and emerging attack methods. Most organizations have some sort of DDoS protection in place, yet 90 percent are investing more than they did a year ago, and 36 percent think they should be investing even more."

Is your enterprise prepared? We can help. Our Dispersive™ Virtualized Network will enable you to prosper from the benefits of IoT while minimizing the security risks IoT poses.

Find out how we or one of our carrier partners can improve your situation. Email us at info@dispersivegroup.com or call us at (844) 403-5852.